BGP routing

NOTE: You must have an advanced features license to use BGP routing.

Border Gateway Protocol (BGP) is an inter-Autonomous System (AS) routing protocol. It is the main protocol used to connect ISP networks across the world.

The current version of BGP is version 4, defined in RFC 4271. BGP uses TCP as its transport protocol.

BGP is a path-vector protocol. It makes routing decisions based on paths and network policies rather than a hop-count metric (RIP) or cost-factor metrics (OSPF).

You must explicitly configure peers to exchange routing information. There is no discovery in BGP.

FortiSwitchOS supports BGP-4 as described in RFC 4271.

Terminology

An autonomous system (AS) is a group of one or more routers run by a network operator or service provider that has a single, clearly defined routing policy and is under a single administration. Usually, the network operator runs an interior gateway protocol (such as OSPF, IS-IS, etc.) within the AS and uses BGP between ASs.

Each AS has a number that acts as a unique international identifier. AS numbers can be purchased from IANA.

External BGP (EBGP) is a variation of BGP that involves packets crossing multiple ASs. Confederations use EBGP.

Internal BGP (IBGP) involves routing packets within a single AS. Route reflectors use IBGP. Routes learned using IBGP have a higher priority than the routes learned using EBGP.

A BGP speaker is a router that advertises routes to its peers using configured policies.

The FortiSwitch unit connects to neighbors as a BGP peer. The FortiSwitch unit is a BGP speaker node and advertises its routes. The FortiSwitch unit accepts routes with BGP and adds these routes to its local routing tables.

Configuring BGP

Configuring BGP on the FortiSwitch unit includes the following major steps:

  1. Enter the BGP configuration mode.
  2. Set the autonomous system and router identifier.
  3. Configure a BGP neighbor.
  4. Redistribute non-BGP routes. Advertise these non-BGP routes within BGP.

1. Enter the BGP configuration mode

Enter the BGP configuration mode to access all of the BGP configuration commands:

# config router bgp

2. Set the autonomous system and router identifier

Set the autonomous system. For IBGP, the AS value needs to match the remote-as value in the neighbor router. For EBGP, the AS value differs from the remote-as value in the neighbor router. You also need to specify a fixed router identifier for the FortiSwitch unit. These two commands are mandatory.

# set as <AS number>

# set router-id <IP_address>

3. Configure the BGP neighbors

Configure the BGP neighbors.

NOTE: For IBGP, if the IP address of the BGP neighbor is a loopback address, you must use the set update-source command to specify which interface address is used as the source IP address in outgoing BGP packets.

    config neighbor
        edit <IP address>
            set remote-as <1-4294967295>
    end

4. Redistribute non-BGP routes

Redistribute non-BGP routes within BGP:

    config redistribute {connected | isis | ospf | rip | static}
        set status enable
        set route-map <string>
    end

Other BGP commands

Clearing the BGP routes

Use the following commands to clear the BGP routes:

execute router clear bgp all

execute router clear bgp ip <IP address>

execute router clear bgp as <AS_number>

execute router clear bgp dampening <IP_address>

Checking the BGP configuration

The get router info bgp command has options to display different aspects of the BGP configuration and status.

For example:

get router info bgp neighbors

get router info bgp network

Changing the maximum number of paths for ECMP

If you are using equal-cost multi-path (ECMP) routing with EBGP or IBGP, the maximum number of paths is 1 by default. Use the following commands to change the default:

    config router bgp
        set maximum-paths-ebgp <1-64>
        set maximum-paths-ibgp <1-64>
    end

Sample configurations

Here is an example of a BGP routing configuration:

Configure system interfaces

Interface configuration for FortiSwitch 1:

    config system interface
        edit mgmt
            set ip 10.105.7.9 255.255.255.0
            set allowaccess ping https http ssh telnet
            set type physical
        next
        edit internal
            set type physical
        next
        edit vlan20-p2
            set ip 192.168.2.100 255.255.255.0
            set allowaccess ping https http ssh telnet
            set vlanid 20
            set interface internal
        next
        edit vlan40-p4
            set ip 172.168.111.6 255.255.255.0
            set allowaccess ping https http ssh telnet
            set vlanid 40
            set interface internal
    end

    config switch interface
        edit "port2"
            set native-vlan 20
            set stp-state disabled
        next
        edit "port4"
            set native-vlan 40
            set stp-state disabled
        next
        edit "internal"
            set allowed-vlans 1,20,40,4094
            set stp-state disabled
        next
    end

Internal BGP

In this example, the two neighboring switches are in the same autonomous system.

Configuration for FortiSwitch 1:

    config router bgp
        set as 6500
        set router-id 1.2.3.4
        config neighbor
            edit "172.168.111.5"
                set remote-as 6500
            next
        end
        config network
            edit 1
                set prefix 192.168.2.0 255.255.255.0
            next
        end
        config redistribute "connected"
        end
    end

Configuration for FortiSwitch 2:

    config router bgp
        set as 6500
        set router-id 5.6.7.8
        config neighbor
            edit "172.168.111.6"
                set remote-as 6500
            next
        end
        config network
            edit 1
                set prefix 10.50.2.0 255.255.255.0
            next
        end
        config redistribute "connected"
        end
    end

External BGP

In this example, the two neighboring switches are in separate autonomous systems.

Configuration for FortiSwitch 1:

    config router bgp
        set as 6500
        set router-id 1.2.3.4
        config neighbor
            edit "172.168.111.5"
                set remote-as 7500
            next
        end
        config network
            edit 1
                set prefix 192.168.2.0 255.255.255.0
            next
        end
        config redistribute "connected"
        end
    end

Configuration for FortiSwitch 2:

    config router bgp
        set as 7500
        set router-id 5.6.7.8
        config neighbor
            edit "172.168.111.6"
                set remote-as 6500
            next
        end
        config network
            edit 1
                set prefix 10.50.2.0 255.255.255.0
            next
        end
        config redistribute "connected"
        end
    end

Using the following command, you can check the BGP status on the local switch:

# get router info bgp summary

To check the details about the BGP neighbors:

# get router info bgp neighbors

To check the routes learned by BGP, use the following command:

# get router info routing-table details
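
The following Python code is an added example, not part of the Fortinet documentation. It parses "config router bgp" blocks like the samples above, classifies each session as IBGP or EBGP by comparing "as" with "remote-as", and reports peerings whose two sides disagree before the configuration is applied. The function names, the template and the address-to-switch mapping are assumptions made for illustration.

```python
import re

# Constructed sample input, modelled on the External BGP example on this page.
TEMPLATE = """config router bgp
    set as {local_as}
    set router-id {rid}
    config neighbor
        edit "{peer}"
            set remote-as {remote_as}
        next
    end
end
"""

def parse_bgp(text):
    """Extract local AS, router-id and {neighbor address: remote-as} as strings."""
    cfg = {"as": None, "router-id": None, "neighbors": {}}
    section = peer = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"config (neighbor|network|redistribute.*)", line):
            section = m.group(1)
        elif line == "end":
            section = peer = None
        elif section == "neighbor" and (m := re.fullmatch(r'edit "?([\d.]+)"?', line)):
            peer = m.group(1)
        elif peer and (m := re.fullmatch(r"set remote-as (\d+)", line)):
            cfg["neighbors"][peer] = m.group(1)
        elif section is None and (m := re.fullmatch(r"set (as|router-id) ([\d.]+)", line)):
            cfg[m.group(1)] = m.group(2)
    return cfg

def check_peering(switches):
    """switches: {peering address: parsed config}. Returns (findings, sessions)."""
    findings, sessions = [], {}
    for addr, cfg in switches.items():
        for peer, remote_as in cfg["neighbors"].items():
            # Per the page: IBGP when remote-as equals the local AS, EBGP otherwise.
            sessions[(addr, peer)] = "IBGP" if remote_as == cfg["as"] else "EBGP"
            other = switches.get(peer)
            if other is None:
                findings.append(f"{addr}: neighbor {peer} is not an audited switch")
            elif other["as"] != remote_as:
                findings.append(f"{addr}: remote-as {remote_as}, but {peer} runs AS {other['as']}")
            elif addr not in other["neighbors"]:
                findings.append(f"{peer}: no neighbor entry back to {addr}")
    ids = [cfg["router-id"] for cfg in switches.values()]
    if len(set(ids)) != len(ids):
        findings.append("router-id is not unique across the audited switches")
    return findings, sessions
```

Pass check_peering a mapping from each switch's peering address (for FortiSwitch 1 above, 172.168.111.6) to its parsed configuration; an empty findings list means every neighbor statement agrees with the peer's own AS and has a matching entry on the other side.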
